Post permalink

The long term solution may involve supporting
EFI instead of the PC BIOS, as Apple has done with their new systems. Unfortunately it appears that support for EFI is one of the things that was
thrown overboard for Vista.

The medium-term solution might be for antivirus/antispyware makers to start doing some kind of checksum on the flash memory contents so at least they'll let you know when it has been changed. I don't know if that's possible. If it
was possible, I don't see AV vendors being in a big hurry to implement that check, as most of them just figured out there was something called "spyware" in the last 12-18 months. If they haven't yet gotten a clue about
rootkits, why would they figure out there could be a problem with the BIOS?

No, this is probably just going to go underreported for a while, until there's some major BIOS-based rootkit/trojan/malware, and then instead of
fixing the problem, the industry will just tell everyone they need to run out and buy a new 64-bit EFI-based PC with a TPM chip.

A couple of years ago people were up in arms about Palladium and "trusted computing" and fears of "Big Brother." My guess is that people will eventually BEG for that stuff. Trusted computing? They'll pay
extra for it. Remember, in the novel 1984, the telescreen was a
perquisite. It was something reserved for loyal party members. Proles didn't get to have them.

Perhaps we will, finally, love Big Brother.

The short-term solution might be what you did: flashing your BIOS on a regular basis.

Some BIOSes have a setting that requires a password before you can make BIOS setting changes. That's good, but I honestly don't know how secure it is (e.g. if the password is stored in cleartext on the flash memory).